<?php

/*
|--------------------------------------------------------------------------
| Application & Route Filters
|--------------------------------------------------------------------------
|
| Below you will find the "before" and "after" events for the application
| which may be used to do any work before or after a request into your
| application. Here you may also register your custom route filters.
|
*/

App::before(function($request)
{
	//
});


App::after(function($request, $response)
{
	//
});

/*
|--------------------------------------------------------------------------
| Authentication Filters
|--------------------------------------------------------------------------
|
| The following filters are used to verify that the user of the current
| session is logged into this application. The "basic" filter easily
| integrates HTTP Basic authentication for quick, simple checking.
|
*/

Route::filter('back_auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('admin/login');
        }
    }
});

Route::filter('self_service_auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('self/login');
        }
    }
});

Route::filter('mobile_auth', function()
{
    if (Auth::guest())
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 401);
        }
        else
        {
            return Redirect::guest('mobile/web_login');
        }
    }
});


//Route::filter('auth.basic', function()
//{
//	return Auth::basic();
//});

Entrust::routeNeedsPermission( 'back_end/staffs*', array('manage_staff','show_staff'), null, false );
Entrust::routeNeedsPermission( 'back_end/staffs/create', array('create_staff'), null, false );
Entrust::routeNeedsPermission( 'back_end/staffs/view/*', array('show_staff'), null, false );
Entrust::routeNeedsPermission( 'back_end/staffs/update/*', array('update_staff'), null, false );
Entrust::routeNeedsPermission( 'back_end/staffs/delete/*', array('delete_staff'), null, false );

Entrust::routeNeedsPermission( 'back_end/members*', array('manage_member','show_member'), null, false );
Entrust::routeNeedsPermission( 'back_end/members/create', array('create_member'), null, false );
Entrust::routeNeedsPermission( 'back_end/members/view/*', array('show_member'), null, false );
Entrust::routeNeedsPermission( 'back_end/members/update/*', array('update_member'), null, false );
Entrust::routeNeedsPermission( 'back_end/members/delete/*', array('delete_member'), null, false );

Entrust::routeNeedsPermission( 'back_end/roles*', array('manage_role','show_role'), null, false );
Entrust::routeNeedsPermission( 'back_end/roles/create', array('create_role'), null, false );
Entrust::routeNeedsPermission( 'back_end/roles/view/*', array('show_role'), null, false );
Entrust::routeNeedsPermission( 'back_end/roles/update/*', array('update_role'), null, false );
Entrust::routeNeedsPermission( 'back_end/roles/delete/*', array('delete_role'), null, false );

Entrust::routeNeedsPermission( 'back_end/foods*', array('manage_food','show_food'), null, false );
Entrust::routeNeedsPermission( 'back_end/foods/create', array('create_food'), null, false );
Entrust::routeNeedsPermission( 'back_end/foods/view/*', array('show_food'), null, false );
Entrust::routeNeedsPermission( 'back_end/foods/update/*', array('update_food'), null, false );
Entrust::routeNeedsPermission( 'back_end/foods/delete/*', array('delete_food'), null, false );
Entrust::routeNeedsPermission( 'back_end/foods/export/*', array('show_food'), null, false );

Entrust::routeNeedsPermission( 'back_end/menus*', array('manage_menu','show_menu'), null, false );
Entrust::routeNeedsPermission( 'back_end/menus/create', array('create_menu'), null, false );
Entrust::routeNeedsPermission( 'back_end/menus/view/*', array('show_menu'), null, false );
Entrust::routeNeedsPermission( 'back_end/menus/update/*', array('update_menu'), null, false );
Entrust::routeNeedsPermission( 'back_end/menus/delete/*', array('delete_menu'), null, false );
Entrust::routeNeedsPermission( 'back_end/menus/export/*', array('show_menu'), null, false );

Entrust::routeNeedsPermission( 'back_end/orders*', array('manage_order','show_order'), null, false );
Entrust::routeNeedsPermission( 'back_end/orders/getDetail/*', array('show_order'), null, false );

Entrust::routeNeedsPermission( 'back_end/carousels*', array('manage_carousel','show_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/create', array('create_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/view/*', array('show_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/update/*', array('update_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/go_top/*', array('update_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/delete/*', array('delete_carousel'), null, false );
Entrust::routeNeedsPermission( 'back_end/carousels/export/*', array('show_carousel'), null, false );

/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
//
//Route::filter('guest', function()
//{
//	if (Auth::check()) return Redirect::to('/');
//});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function()
{
    $list=['check_asy_pay_res','check_syn_pay_res/service','check_syn_pay_res/mobile','mobile_wx_pay'];//白名单

	if (Session::token() !== Input::get('_token')&&!in_array(Request::path(),$list))
	{
		throw new Illuminate\Session\TokenMismatchException;
	}
});
